Upbit spotted roughly $36mn in unauthorized Solana withdrawals from a hot wallet on Nov. 27, and CEO Oh Kyung-seok addressed it within hours.
He told users the exchange would cover the entire amount from its own holdings, and that customer balances weren’t touched.
Anyone who remembers 2019 will recognise the line. Upbit made the same promise after losing 342,000 ETH to North Korea-linked hackers, about $50mn at the time, and Dunamu, its parent, ate the loss without passing a cent to customers.
That’s the logic of hot-wallet insurance at centralized exchanges: the platform keeps counterparty risk on its own books.
You see variations of the model across the industry – pure self-insurance from the corporate treasury, exchange-run emergency pools like Binance’s SAFU, and third-party crime policies with fixed limits.
Tier-1 exchanges treat it as standard because it keeps Mt. Gox-style insolvencies at bay. Hacks become operational setbacks rather than existential events.
Markets, though, aren’t blind to the shock. Even when user balances stay whole, liquidity doesn’t. A breach still locks withdrawals, thins order books, sends spreads drifting wider, and spooks market-makers into pulling back.
The insurance model decides who eats the loss and how fast a platform can convincingly reopen. It doesn’t magic away counterparty risk, and traders feel that in the moment.
Upbit runs the cleanest version of self-insurance: no explicit limit, no external carrier, just the balance sheet. In both the 2019 ETH hack and the 2025 Solana breach, Dunamu classified the hit as an operating cost. The 2025 drain moved fast.
At around 4:42 a.m. local time, tokens tied to the Solana ecosystem worth about 54bn won flowed into an unknown address. Upbit froze Solana deposits and withdrawals and moved unaffected assets into cold storage.
Part of the stolen LAYER holdings got frozen on-chain, and the exchange said it was lining up more freezes with projects and law enforcement. The headline promise didn’t change: no customer losses.
That pledge lands because Upbit is big and liquid. But it isn’t a statutory guarantee.
There’s no third-party insurer, no deposit-protection regime, no mandated reserve ratio, no external audit that certifies the reimbursement pool. The whole structure rests on solvency.
It works right up until the day the numbers don’t. A hack large enough relative to equity could turn a proud record of reimbursement into a balance-sheet problem that even a well-funded exchange struggles to absorb.
